Auditing

AuditingAuditing

2

Overview Overview

• Objectives of a Financial Audit Objectives of a Financial Audit • Generally Accepted Auditing Standards Generally Accepted Auditing Standards

(GAAS)(GAAS)• Auditor’s Standard ReportAuditor’s Standard Report– Opinions; Materiality; RSI;SASOpinions; Materiality; RSI;SAS– Types of governmental auditsTypes of governmental audits

• General Accountability OfficeGeneral Accountability Office– Generally Accepted Government Auditing Generally Accepted Government Auditing

Standards (GAGAS)Standards (GAGAS)

3

Overview Overview

• Independence Standards & Independence Standards & SafeguardsSafeguards– Audit & Non-audit servicesAudit & Non-audit services

• Single AuditsSingle Audits

• External Auditor’s RoleExternal Auditor’s Role

• Management’s RoleManagement’s Role

• Certified Information Systems AuditorCertified Information Systems Auditor

• ARRA (American Recovery & ARRA (American Recovery & Reinvestment Act of 2009)Reinvestment Act of 2009)

4

Objectives of a Financial Objectives of a Financial AuditAudit

• Render a report by independent Render a report by independent auditors expressing an opinion that auditors expressing an opinion that FS FS present fairlypresent fairly the financial the financial position, changes in financial position, changes in financial position, &, where applicable, cash position, &, where applicable, cash flows of the organization.flows of the organization.

5

Objectives of a Financial Objectives of a Financial AuditAudit

• ““Present fairly” means in conformity Present fairly” means in conformity with appropriate generally accepted with appropriate generally accepted accounting principles (GAAP)accounting principles (GAAP)

• Opinions based on reasonable Opinions based on reasonable assurance the financial statements assurance the financial statements are free from material misstatements are free from material misstatements (error or fraud)(error or fraud)–Audits DO NOT provide absolute Audits DO NOT provide absolute

assuranceassurance

6

• Auditors performing financial Auditors performing financial statement audits (non issuers) follow statement audits (non issuers) follow GAAS, reflected in Statements of GAAS, reflected in Statements of Auditing Standards (SAS) issued by Auditing Standards (SAS) issued by the Auditing Standards Board of the the Auditing Standards Board of the AICPA AICPA

• 10 standards* (expanded by more than 10 standards* (expanded by more than 100 SASs)100 SASs)

•general standards (3)general standards (3)•field work standards (3)field work standards (3)• reporting standards (4)reporting standards (4)

Generally Accepted Auditing Standards (GAAS)

*Does not reflect new audit risk standards

7

Generally Accepted Generally Accepted Auditing StandardsAuditing Standards

• GeneralGeneral Standards Standards

1.1. Adequate technical training & Adequate technical training &

proficiency as auditorproficiency as auditor

2.2. Independence in mental attitudeIndependence in mental attitude

3.3. Due professional careDue professional care

8


• Standards of Standards of Field Work Field Work

1.1. Adequate planning & proper supervisionAdequate planning & proper supervision

2.2. Study & evaluation of internal controlStudy & evaluation of internal control• New standard focuses on understanding entity New standard focuses on understanding entity

(including IC) & its environment to assess risk (including IC) & its environment to assess risk of material misstatement (RMM)of material misstatement (RMM)

3.3. Sufficient competent evidential matter…Sufficient competent evidential matter…basis of opinionbasis of opinion

9


• Standards of Standards of ReportingReporting

1.1. State if financial statements presented in State if financial statements presented in

accordance with GAAPaccordance with GAAP

2.2. GAAP consistently observed in current & GAAP consistently observed in current & preceding periodpreceding period

3.3. Informative disclosures reasonably adequate Informative disclosures reasonably adequate

4.4. Expression of opinion or reason why not Expression of opinion or reason why not

10

Paragraphs in a standard audit report:Paragraphs in a standard audit report:• OpeningOpening

– Identifies FS being auditedIdentifies FS being audited

• ScopeScope – Describes nature of the auditDescribes nature of the audit

• OpinionOpinion – Expresses auditor’s opinion re: “fairness” of FSExpresses auditor’s opinion re: “fairness” of FS

• ExplanatoryExplanatory – Used in most governmental audits, usually related to Used in most governmental audits, usually related to

auditor’s role in reviewing supplementary informationauditor’s role in reviewing supplementary information

Auditor’s Standard Report

11

• Unqualified (clean)Unqualified (clean)– FS present fairly financial position & changes FS present fairly financial position & changes

in position (and cash flows, if applicable) in position (and cash flows, if applicable) according to GAAPaccording to GAAP

• Qualified opinionQualified opinion– FSFS contain material departure from GAAP or contain material departure from GAAP or

there is a material change between periods in there is a material change between periods in GAAPGAAP

• Adverse opinionAdverse opinion– FSFS do not present fairly in conformity with do not present fairly in conformity with

GAAPGAAP

• Disclaimer of opinionDisclaimer of opinion– Often due to inability to examine recordsOften due to inability to examine records. .

Types of Auditor’s Opinions

12

MaterialityMateriality

• DEFINITIONDEFINITION– In the auditor’s judgment, level at which the In the auditor’s judgment, level at which the

quantitative or qualitative effects of quantitative or qualitative effects of misstatements will have a significant impact misstatements will have a significant impact on users’ evaluationson users’ evaluations

• Auditors make separate materiality Auditors make separate materiality determinations for each opinion unit. determinations for each opinion unit. –Governmental activitiesGovernmental activities– Business-type activitiesBusiness-type activities– Aggregate discretely presented component Aggregate discretely presented component

unitsunits– Each major governmental & enterprise fundEach major governmental & enterprise fund– Aggregate remaining fund informationAggregate remaining fund information

13

Statement on Auditing Statement on Auditing Standards (SAS)Standards (SAS)

• Most important for PG:Most important for PG:– SAS 114 – Communicating with those SAS 114 – Communicating with those

charged charged with governance with governance• Auditor’s responsibilities under GAASAuditor’s responsibilities under GAAS• Overview of planned scope & timing of auditOverview of planned scope & timing of audit• Significant findings from the audit Significant findings from the audit

– Qualitative aspects of significant accounting Qualitative aspects of significant accounting policiespolicies

– Significant difficultiesSignificant difficulties– Material misstatements (uncorrected and/or Material misstatements (uncorrected and/or

uncorrected)uncorrected)– Disagreements with managementDisagreements with management– Other significant issues discussed with Other significant issues discussed with

managementmanagement• Auditor’s choice (oral or written)Auditor’s choice (oral or written)

14


• Most important for PG:Most important for PG:– SAS 115 - Communicating IC Related SAS 115 - Communicating IC Related

MattersMatters• Replaces SAS 112 effective 9/30/2010Replaces SAS 112 effective 9/30/2010• Definition of terms:Definition of terms:

– Control DeficiencyControl Deficiency– Significant deficiency (replaces reportable Significant deficiency (replaces reportable

condition)condition)– Material weaknessMaterial weakness

• Requires written communication of significant Requires written communication of significant deficiencies and material weaknesses to deficiencies and material weaknesses to management and those charged with management and those charged with governancegovernance

15



MattersMatters• Definition of terms:Definition of terms:

Control deficiency:Control deficiency:» A deficiency in internal control exists when A deficiency in internal control exists when

the design or operation of a control does not the design or operation of a control does not allow management or employees, in the allow management or employees, in the normal course of performing their assigned normal course of performing their assigned functions, to prevent, or detect and correct functions, to prevent, or detect and correct misstatements on a timely basis.misstatements on a timely basis.

16



MattersMatters• Definition of terms (continued):Definition of terms (continued):

Significant deficiency: Significant deficiency: » A control deficiency, or combination of control A control deficiency, or combination of control

deficiencies such that there is more than a deficiencies such that there is more than a remote likelihood that a misstatement of the remote likelihood that a misstatement of the entity’s financial statements that is more than entity’s financial statements that is more than inconsequential will not be prevented or inconsequential will not be prevented or detected. detected.

Material weakness : Material weakness : » A significant deficiency, or combination of A significant deficiency, or combination of

significant deficiencies, that results in more significant deficiencies, that results in more than a remote likelihood that a material than a remote likelihood that a material misstatement of the financial statements will misstatement of the financial statements will not be prevented or detected.not be prevented or detected.

17

Auditing Required Supplementary Auditing Required Supplementary Information (RSI)Information (RSI)

• RSI, such as:RSI, such as:– MD&A MD&A – budgetary comparison schedulesbudgetary comparison schedules– pension informationpension information– modified approach informationmodified approach informationare normally outside the scope of the FS are normally outside the scope of the FS

auditaudit

• Auditors apply Auditors apply “certain limited “certain limited procedures”procedures” in connection to RSI to in connection to RSI to provide assurance that they are fairly provide assurance that they are fairly presented presented in relation toin relation to the basic the basic financial statementsfinancial statements

18

• FinancialFinancial–Opinion as to whether FS are Opinion as to whether FS are presented fairly in conformity with presented fairly in conformity with GAAP & all material facts are GAAP & all material facts are discloseddisclosed

Types of Governmental Audits

19

• Attestation engagementAttestation engagement– Examinations/procedures that lead to a Examinations/procedures that lead to a

report & assertion about subject matter report & assertion about subject matter that is the responsibility of another partythat is the responsibility of another party

» Internal controlsInternal controls» ComplianceCompliance» MD&AMD&A» Contract amountsContract amounts» Performance measuresPerformance measures


20

• PerformancePerformance–Determination of whether managers are Determination of whether managers are

using resources efficiently & effectively in using resources efficiently & effectively in accomplishing organizational goals accomplishing organizational goals


21

U.S. General Accountability U.S. General Accountability Office (GAO)Office (GAO)

• Establishes Generally Accepted Establishes Generally Accepted Government Auditing Standards Government Auditing Standards (GAGAS)(GAGAS)– Intended to supplement GAASIntended to supplement GAAS– Standards in Standards in “Yellow Book”“Yellow Book”

22

• Required for Single Audit* of Required for Single Audit* of organizations that organizations that expendexpend more than more than $500,000 in federal financial $500,000 in federal financial assistanceassistance in any year in any year

• May be required by states of its local May be required by states of its local governmentsgovernments–All governments required in FLAll governments required in FL

Generally Accepted Government Auditing Standards (GAGAS)

*Single Audit Act of 1984

23

Standard re: professional proficiencyStandard re: professional proficiency– Thorough knowledge of governmental Thorough knowledge of governmental

auditing & the specific or unique auditing & the specific or unique environment in which audited entity environment in which audited entity operatesoperates• Applies to all governmental auditors Applies to all governmental auditors

regardless of professional certificationsregardless of professional certifications

– At least 80 hours CPE every 2 yearsAt least 80 hours CPE every 2 years• At least 20 hours in each of the 2 yearsAt least 20 hours in each of the 2 years• At least 24 hours related directly to the audit At least 24 hours related directly to the audit

environmentenvironment

Unique Aspects of GAGAS

24

• 80 hours CPE80 hours CPE– Remaining 56 hours must improve Remaining 56 hours must improve

proficiency to audit & attest if involvedproficiency to audit & attest if involved• In any level of planning, supervision, reporting, In any level of planning, supervision, reporting,

or reviewingor reviewing• More than 20% of time in fieldwork on these More than 20% of time in fieldwork on these

types of engagementstypes of engagements

– Proficiency standards Proficiency standards apply to internal apply to internal experts as well as governmental auditorsexperts as well as governmental auditors


25

• GAGAS standards place much GAGAS standards place much more emphasis on more emphasis on compliancecompliance with laws and regulations & with laws and regulations & ethicsethics than do GAASthan do GAAS


26

Independence StandardsIndependence Standards

• Independence is the cornerstone of Independence is the cornerstone of the auditing profession and the the auditing profession and the second general standard in both the second general standard in both the AICPA’s GAAS and GAO’s GAGASAICPA’s GAAS and GAO’s GAGAS

• Non audit servicesNon audit services– That solely performed for the benefit of That solely performed for the benefit of

the entity requesting the work & does the entity requesting the work & does not provide for a basis for conclusions, not provide for a basis for conclusions, recommendations, or opinions as would a recommendations, or opinions as would a financial audit, attestation engagement, financial audit, attestation engagement, or performance auditor performance audit

27

GAO Independence GAO Independence Standards–Standards–

Non-audit ServicesNon-audit Services• Two overarching principlesTwo overarching principles::

(1) Auditors(1) Auditors should not perform should not perform management functionsmanagement functions or make or make management decisionsmanagement decisions

(2) Auditors(2) Auditors should not audit their own workshould not audit their own work or provide nonaudit services in situations or provide nonaudit services in situations when the nonaudit services are when the nonaudit services are significant to significant to the audit subject matterthe audit subject matter

28

Safeguards:Safeguards:

1.1. Preclude nonaudit personnel from Preclude nonaudit personnel from planning auditplanning audit

2.2. Do not reduce audit scopeDo not reduce audit scope

3.3. Document Document

• Consideration of nonaudit workConsideration of nonaudit work• Understanding with client of Understanding with client of

objectives & scope of audit workobjectives & scope of audit work

GAO Independence Standards–Nonaudit Services

29

Safeguards:Safeguards:

4.4. Include policies to ensure compliance Include policies to ensure compliance with independence standardswith independence standards• Independent in fact & appearanceIndependent in fact & appearance

5.5. Avoid certain nonaudit workAvoid certain nonaudit work

6.6. Make all documentation available for Make all documentation available for peer reviewpeer review

GAO Independence Standards–Nonaudit Services

30

GAO Independence GAO Independence StandardsStandards

Nonaudit Services Nonaudit Services

• AcceptableAcceptable - no safeguards - no safeguards neededneeded– Providing routine Providing routine

advice/methodologiesadvice/methodologies– Serving on advisory committeesServing on advisory committees–Answering technical questionsAnswering technical questions– Providing trainingProviding training

31



• ProhibitedProhibited–Maintaining accounting recordsMaintaining accounting records– Posting transactions Posting transactions –Recommending a single person for a Recommending a single person for a

positionposition– Supervising information technology Supervising information technology

systemsystem

32



• PermittedPermitted –When safeguards are in placeWhen safeguards are in place• Preparing draft FS based on management’s TBPreparing draft FS based on management’s TB

–Maintaining depreciation schedulesMaintaining depreciation schedules• Management determines key elements in Management determines key elements in

calculationscalculations

– Proposing adjusting & correction entriesProposing adjusting & correction entries• Management chooses to acceptManagement chooses to accept

33


Nonaudit Services Nonaudit Services• Revised “Yellow Book” – 2011Revised “Yellow Book” – 2011–New section of conceptual frameworkNew section of conceptual framework• Assess threats to independenceAssess threats to independence• Establish safeguardsEstablish safeguards

–No change in current status regarding No change in current status regarding independenceindependence

34

• Improve the efficiency & effectiveness Improve the efficiency & effectiveness of governmental audit effort of governmental audit effort

• Single Audit Act of 1984Single Audit Act of 1984– Amended 1996Amended 1996– Replaced multitude of grant-by-grant Replaced multitude of grant-by-grant

audits with single, comprehensive, entity-audits with single, comprehensive, entity-wide auditwide audit• Risk based approach Risk based approach

• Provide all federal awarding agencies Provide all federal awarding agencies a single report to satisfy program’s a single report to satisfy program’s audit requirementsaudit requirements

Single Audits

35

1996 Single Audit Act Amendments:1996 Single Audit Act Amendments:Establishes risk-based approachEstablishes risk-based approach

Places greater audit coverage on high risk Places greater audit coverage on high risk programsprograms

Improves contents & timeliness of single audit Improves contents & timeliness of single audit reportingreporting

Permits OMB to administratively revise Permits OMB to administratively revise SA requirements without requiring SA requirements without requiring additional legislationadditional legislationCircular A-133 & related Compliance Circular A-133 & related Compliance

SupplementSupplement

Single Audits

36

• Those that Those that expendexpend more than more than $500,000 in federal financial $500,000 in federal financial assistance in a yearassistance in a year– Up from $100,000 (1984) & $300,000 Up from $100,000 (1984) & $300,000

(1996)(1996)• Major program threshold still $300,000 or Major program threshold still $300,000 or

formula drivenformula driven

– Increased to $500,000 in 2005 Increased to $500,000 in 2005

What Entities Must Have a Single Audit?

37

• State & local governments, not-State & local governments, not-for-profit organizations, including for-profit organizations, including hospitals. hospitals.

– If expended only for one program or If expended only for one program or one program cluster, may have a one program cluster, may have a program audit, program audit, otherwise the audit otherwise the audit must be a must be a single auditsingle audit

What Entities Must Have a Single Audit?

38

• Calculation of amount of federal Calculation of amount of federal awards expendedawards expended

– Expended may not only be cash disbursedExpended may not only be cash disbursed

– Calculation can be complexCalculation can be complex• Cash or accrual basis allowedCash or accrual basis allowed

– Basic rule Basic rule • Award expended when federal agency Award expended when federal agency

becomes at risk & nonfederal recipient has becomes at risk & nonfederal recipient has duty of accountabilityduty of accountability

Single Audit

39

• All high risk** Type A** programs AND All high risk** Type A** programs AND either either 1.1. Half high-risk Type B programs Half high-risk Type B programs

OROR

2.2. One high-risk Type B** program for each One high-risk Type B** program for each low-risk Type A programlow-risk Type A program

• Not required to audit more high risk Not required to audit more high risk “B”s than low risk** “A”s“B”s than low risk** “A”s

• Audit at least enough major programs Audit at least enough major programs to ensure that at least 25% - 50% of to ensure that at least 25% - 50% of total federal award expenditures are total federal award expenditures are audited audited

Selection of Major Programs*

*Based on dollars spent **Formula driven & subjective (A-133)

40

• Schedule of findings & questioned costsSchedule of findings & questioned costs–Describes such matters as Describes such matters as

• Internal Control weaknessesInternal Control weaknesses

– Significant deficienciesSignificant deficiencies» Results in more than remote Results in more than remote

likelihood than material likelihood than material noncompliance will not be detectednoncompliance will not be detected

–Material weaknessesMaterial weaknesses• Instances of noncomplianceInstances of noncompliance• Questioned costsQuestioned costs• FraudFraud• Material misrepresentations by the auditeeMaterial misrepresentations by the auditee

Reporting Under Single Audit

41

• Schedule of findings & questioned Schedule of findings & questioned costscosts–Questioned cost Questioned cost

• Usually involves instance of noncompliance Usually involves instance of noncompliance with a law/regulation where costs arewith a law/regulation where costs are– UnallowableUnallowable– UnreasonableUnreasonable– Not supported by adequate documentationNot supported by adequate documentation

–Must be reported in scheduleMust be reported in schedule• Known questioned costs > $10,000Known questioned costs > $10,000• Likely costs > $10,000Likely costs > $10,000

Reporting Under Single Audit

42

External Auditor’s RoleExternal Auditor’s Role

• Adhere to standards of ethics & Adhere to standards of ethics & performance.performance.– Independent in both fact and appearanceIndependent in both fact and appearance

• Assures users of FS they are free of Assures users of FS they are free of material misstatementsmaterial misstatements– ””Reasonable but not absolute assurance”Reasonable but not absolute assurance”

• May provide advice, research May provide advice, research materials & recommendations to materials & recommendations to assistassist management in performing its management in performing its functions & making decisionsfunctions & making decisions

43

Management’s RoleManagement’s Role

• Full responsibility Full responsibility – Fair presentation of the FSFair presentation of the FS

• ManagementManagement Discussion & Analysis Discussion & Analysis• Accompanying notesAccompanying notes• RSIRSI• SISI

– Completeness & reliability of all Completeness & reliability of all information supporting FS amountsinformation supporting FS amounts

– Internal control structureInternal control structure

44

Management’s RoleManagement’s Role

• Audit processAudit process– Select auditorSelect auditor– Meet with auditor in entrance & exit Meet with auditor in entrance & exit

conferencesconferences– Respond to auditor questions in a Respond to auditor questions in a

timely mannertimely manner– Consider & implement as appropriate Consider & implement as appropriate

auditor recommendationsauditor recommendations

45

Certified Information Certified Information Systems Auditor Systems Auditor

• Control tests balance transaction Control tests balance transaction details to the total transactiondetails to the total transaction

• Uses generalized audit software toUses generalized audit software to– Provide totals of unusual itemsProvide totals of unusual items– Check for duplicate entriesCheck for duplicate entries– Check for missing informationCheck for missing information– Verify calculation totals & routinesVerify calculation totals & routines

46

ARRA ARRA American Recovery & American Recovery &

Reinvestment Act of 2009Reinvestment Act of 2009

• Rules complexRules complex

• ““Yellow Book” programYellow Book” program

• Recipient = any entity receiving Recipient = any entity receiving funds directly from Fed. Gov’tfunds directly from Fed. Gov’t

Auditing

Documents

Transcript of Auditing